TopTop

Best Practices for Safe Password Storage

Safe Password Storage

The Need for Safe Password Storage

You wouldn’t leave your car keys taped to the side of your car, or your house keys hanging from the lock. So why tape them to your computer screen or laptop for all the world to see? Anyone with access to the computer, whether a friend, family member, or a nosey patron at the local coffee shop, can see this information and potentially access your accounts.

I was recently conducting business with a retail store, and noticed they had taped the username and password of their point of sale system on the side of the receipt printer. I could clearly see the name of the application, along with “user” and “password” followed by the corresponding values. I mentioned to the clerk that it might be a good idea to keep that information somewhere less visible, or better yet nowhere at all. A less honest individual could take that information and have access to their customer information, credit card numbers, and anything else that is saved to the system.

Our need for access to online services continues to grow, and managing all the usernames and passwords can be daunting – especially when you know you have to use complex passwords to avoid being hacked. It often becomes necessary to record this information so that you can keep track of all your accounts.

Password Storage Options

Keeping a record of passwords shouldn’t be taken lightly. If you record account information and passwords on paper, you can keep it safely locked up or at least hidden from view. However, what if you need the information and you aren’t at the location you have them stored? Or worse, the list becomes lost or stolen? Some people keep password lists in an electronic document, such as Word or Excel. While you now have the information available at your fingertips, so does anyone else with access to the computer. Some word processing applications allow you to password protect the document, so in order to open it you must enter a password. This is slightly more secure, but this type of protection and password storage is weak at best. There are utilities to break in to documents protected this way. Usually because people forget their passwords!

The good news is, keeping a list of passwords can be done safely with the right tools. There are applications dedicated solely to password storage, and they do a fine job of protecting our valuable information.

Finding a reputable password storage program isn’t difficult, and there are a lot of free utilities available. I do place emphasis on reputable, because a search for “password storage software” might provide hits for utilities claiming to be such, but are actually spyware in disguise. Any worthy utility should meet some basic requirements. For one, it should require a password to open. Although you may think this defeats the purpose of having a password storage program only to have yet another password, trying to remember a single password is much easier than trying to remember them all! Also, it’s important that the password storage software encrypts the passwords, so that the information is protected should your computer be lost or stolen.

Recommended Password Storage Utilities

KeePass, available at http://Keepass.info, is a great free password saving utility. Installing the program is simple, and all you do is add your usernames and passwords to the program. When you need to look up a password, open the software and enter a single password to see a list of all your passwords. KeePass has an added security option of not only requiring a master password to open your password list, but also requiring a “key” file. This key file can be kept on a thumb drive so that only the user who has the thumb drive can open the software. The key file itself contains no password information – its simply used to verify the user is authorized. This option can be enabled or disabled depending on your preference.

LastPass, which you can find at https://lastpass.com , is password storage which operates a little differently. This application integrates with your web browser, so that passwords are stored and can be automatically entered when browsing. You can also choose to store credit card, address, and other information so that it’s automatically entered as you go. Of course, you can also store this information without having to use the browser integration. With the paid premium version, you can access this information from a mobile device too.

Password Retrieval Alternatives

Even those of us who are diligent about retaining usernames and passwords have forgotten one or two. If you lose the password to your password storage utility, it’s likely you won’t be able to recover it. That doesn’t mean you’ll lose access to your online accounts. You’re probably familiar with clicking the “I forgot my password” link and following steps to reset it. Be sure to keep account recovery options up to date, with current phone and email accounts. This information is usually found within the account settings or profile areas of the service. Also, if the service uses security questions, use something that isn’t easily guessed or is well known. The password reset is often how hackers gain access to an account, and a weak security question makes it that much simpler.

 

Posted in

Matt Rice, CTO

Matt is a graduate of Central Maine Technical College. He has been with Burgess since 2001, acting as Service Manager, then General Manager, before becoming an owner. Matt focuses on developing and delivering technologies that fit best with customer needs.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *